[systemd-devel] Enrolling PCR11 does not work as expected
Felix Rubio
felix at kngnt.org
Wed Jul 5 12:44:48 UTC 2023
I understand that, but systemd-measure is only about PCR 11. Is there
any way to provide a list of PCRs, so that additionally can be embedded
on the UKI?
Thank you,
Felix
On 2023-07-05 14:26, Lennart Poettering wrote:
> On Mi, 05.07.23 13:11, Felix Rubio (felix at kngnt.org) wrote:
>
>> For what is explained on the the systemd-pcrphase.service(8) and
>> comparing
>> it to what I see in the log of the systemd services, there are three
>> events
>> in relation to this question:
>>
>> systemd-pcrphase-initrd.service
>> [...]
>> [systemd-ask-password-console.service]
>> [...]
>> systemd-pcrphase-sysinit
>> systemd-pcrphase
>>
>> This means that, indeed, running cryptenroll after the new kernel has
>> booted
>> will never provide the correct PCR registry for 11. But then... what
>> options
>> do I have? Do I need to choose between having PCRs 7 and 14, so that I
>> make
>> sure that SB is up and running and all the certs from shim have not
>> changed,
>> or to have only PCR 11 so that I know that the UKI has not changed
>> although
>> SB can potentially be even disabled (please, correct me if wrong)?
>
> The idea is that with systemd-measure you sign the pre-calculated PCRs
> for all phases you care about with a key, and then you use enroll the
> public key that matches that signature in the disk encryption, rather
> than literal PCR values.
>
> Using signed PCR policies enables you to do multiple things at once:
>
> 1. You can easily enroll one public key, and have it cover multiple
> phases of the boot, simply by providing multiple signatures for the
> PCR values expected in the various boot phases.
>
> 2. You can easily enroll one public key, and then update the UKI and
> still boot up correctly, by providing a new set of signatures for
> the new expected PCR values for the various boot phases.
>
> Hence, the PCR 11 logic we have in place is *not* designed with TPM
> policies that bind to explicit PCR values in mind. Instead it is
> designed in mind with policies that bind to public keys that match
> signatures of those PCR values.
>
> Lennart
>
> --
> Lennart Poettering, Berlin
More information about the systemd-devel
mailing list